Douglas Muth on 10 Dec 2008 10:18:48 -0800


Re: [PLUG] Brute force SSH attack confounds defenders


On Wed, Dec 10, 2008 at 12:00 AM, John Von Essen <john@essenz.com> wrote:
>
> But... if we all leave SSH open with strong passwords, the brute force
> bots will have a ton of hosts to waste their time on, and eventually brute
> force ssh will become boring and a waste of cpu time.
>

Why not do the following:

1) Move "real" SSH service to another port

2) Build a "fake SSH" daemon to listen on port 22, that does nothing
but /dev/null information that is sent to it and return an "invalid
password" response on every login attempt.

#2 wouldn't take up a whole lot of memory or CPU, since it really
isn't *doing* anything.  But it would go a long way in wasting the
time of botnets that are trying to get in.

For bonus points, such a "fake" daemon could also have options to
sleep() for an abnormally long time before giving out an "invalid
password" response, further tying up attacking machines.

I wouldn't necessarily want to do this on a production server at the
office, but it's the sort of thing I would have no problem installing
on my personal mail server.

-- Doug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
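
The delayed fake daemon proposed in the message above, as an added example that is not part of the original post. Sending a real "invalid password" reply requires completing the SSH key exchange first, so this sketch swaps in a simpler stall: RFC 4253 section 4.2 lets a server send other lines before its version string, and the client keeps waiting as long as none of them starts with `SSH-`. The names `filler_line`, `tarpit` and `serve`, port 2222 and the 10-second delay are assumptions chosen for illustration.

```python
import asyncio
import random


def filler_line(rng=random):
    """One pre-banner line: random hex digits, so it can never start with 'SSH-'."""
    return b"%x\r\n" % rng.getrandbits(32)


async def tarpit(reader, writer, delay=10.0, max_lines=None):
    """Hold one client: never read its input, dribble filler, never send a banner.

    Returns the number of filler lines sent before the peer went away
    (or before max_lines was reached; max_lines=None means no limit).
    """
    sent = 0
    try:
        while max_lines is None or sent < max_lines:
            await asyncio.sleep(delay)      # the sleep() from the post
            writer.write(filler_line())
            await writer.drain()            # raises once the peer has hung up
            sent += 1
    except (ConnectionError, OSError):
        pass                                # client gave up; nothing to clean up
    finally:
        writer.close()
    return sent


async def serve(host="0.0.0.0", port=2222, delay=10.0):
    """Listen and tarpit every connection. Port 2222 is a constructed default;
    the post's design puts this on 22 after the real sshd has moved."""
    server = await asyncio.start_server(
        lambda r, w: tarpit(r, w, delay), host, port)
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    asyncio.run(serve())
```

Each held connection costs one idle coroutine and one socket, so the limit that matters in practice is the process's open file descriptor ceiling.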